Home / server / Questions / 140097
Accepted
Brent Pabst
Asked: 2010-05-10 21:36:21 +0800 CST

Multi-Domain Root Administrator

  • 772

We have a new domain structure we are planning on rolling out in the next few months.

Essentially there is a single top level and forest domain controller "mydomain.lan" and two children "us.mydomain.lan" and "pl.mydomain.lan". We want to configure an administrator account or two at the top level domain that then has full administrator permissions on the sub domains. By default the top level administrator cannot access or login to machines on the sub-domains. Running W2K8R2.

Ideas?

active-directory domain

2 Answers

  1. Best Answer

    If you add the administrator accounts in the parent domain to the "Enterprise Admins" builtin group, they should automatically be members of the "Domain Admins" group in child domains.

    • 2

  2. You should check whether "remote connections are allowed to server on which you want your two accounts get access to. In windows server 2012 R2:

    • Add both users to the Enterprise Admins group (in parent domain)

    In the child domain go to control panel "Control Panel\System and Security\System" and:

    • Click "Remote settings" in the left panel
    • Check "Allow remote connections to this computer"

    and you are done And in case you want child accounts to access the parent you should set a Trust(a second one) cause Prent-Child trust is a built-in trust when setting up child domain

    • 1